Why do Smarsheet webhooks force developers to create webhooks only in a production environment?

Options
Cameron Lenartowich
Cameron Lenartowich
in API & Developers

In the docs, the following is stated:

  • Smartsheet webhooks do not support callbacks to servers using self-signed certificates. The callback server must be using a signed certificate from a certificate authority.
  • The callbackURL cannot be a private IP address.
  • The callbackURL must use one of the following ports: 443 (default for HTTPS), 8000, 8008, 8080, or 8443.

In other words, you cannot create a webhook in development or testing environments. It seems like there should be a way to do that because creating the hook in production would be horribly inconvenient.

· Share on FacebookShare on Twitter

Best Answer

Answers

  • Scott Willeke
    Scott Willeke Employee
    Options

    Hey Cameron,

    Since web hooks connects to your host over the public Internet, we do require that the host present a certificate issued by a well-known certificate authority. This helps ensure that the web hook is sending data to the right host and that the data is encrypted. While this is more secure, it doesn’t prevent you from setting up web hooks to pre-production environments. It just means that the pre-production environments need to use trusted certificates too. I know some customers using web hooks are using certificates from Let's Encrypt which are free and they have some handy tools to make provisioning certificates easy.

    Hope this helps!

    Scott Willeke

    Director of Product Management

    Smartsheet

    · Share on FacebookShare on Twitter
  • Cameron Lenartowich
    Cameron Lenartowich
    Options

    Hey Scott, thanks for the response.

    So what concerns me is bullet point #2 where it says "The callbackURL cannot be a private IP address". Private IP addresses are used by all applications that run in your development environment. If private IP addresses are the only URL's that you can use in development environment, but sourcetree doesn't allow private IP addresses, I don't see how this will work.

    · Share on FacebookShare on Twitter
  • Scott Willeke
    Scott Willeke Employee
    Options

    Cameron:

    As an Internet-based application, our web hooks only connect to hosts over the public Internet. A private IP address cannot be exposed to the public Internet. So using a private IP would be a non-starter for other reasons (e.g. if we allowed private IP addresses it would essentially be connecting to private hosts in our own internal network).

    If I'm missing something here that would be better resolved over email, feel free to contact our support team at https://help.smartsheet.com/contact . Although probably not your fastest option, as an alternative you can schedule time with me directly and personally walk through your scenario with you. If you choose to do so, please use the following link to schedule time with me: https://calendly.com/activescott


    Scott Willeke

    Director of Product Management

    Smartsheet

    · Share on FacebookShare on Twitter
  • Cameron Lenartowich
    Cameron Lenartowich
    Answer ✓
    Options

    The solution to this problem is to use TCP Tunneling.

    https://blog.cloud-elements.com/4-options-developing-webhooks

    · Share on FacebookShare on Twitter

Categories